Add ability to disable audit logs

client/src/app/+admin/config/edit-custom-config/edit-advanced-configuration.component.html

@@ -136,4 +136,27 @@ <h2 i18n class="inner-form-title">CUSTOMIZATIONS</h2>
     </div>
   </div>
 
+  <div class="row mt-4"> <!-- cache grid -->
+    <div class="col-12 col-lg-4 col-xl-3">
+      <div class="anchor" id="customizations"></div> <!-- customizations anchor -->
+      <h2 i18n class="inner-form-title">LOGS</h2>
+      <div i18n class="inner-form-description">
+        Slight modifications to your PeerTube instance for when creating a plugin or theme is overkill.
+      </div>
+    </div>
+
+    <div class="col-12 col-lg-8 col-xl-9">
+      <ng-container formGroupName="instance">
+        <ng-container formGroupName="logs">
+          <ng-container formGroupName="auditLogs">
+            <div class="form-group">
+              <my-peertube-checkbox inputName="auditLogsEnabled" formControlName="enabled" i18n-labelText
+                labelText="Enable audit logs"></my-peertube-checkbox>
+            </div>
+          </ng-container>
+        </ng-container>
+      </ng-container>
+    </div>
+  </div>
+
 </ng-container>

client/src/app/+admin/config/edit-custom-config/edit-custom-config.component.ts

@@ -93,6 +93,11 @@ export class EditCustomConfigComponent extends FormReactive implements OnInit {
         customizations: {
           javascript: null,
           css: null
+        },
+        logs: {
+          auditLogs: {
+            enabled: null
+          }
         }
       },
       theme: {

client/src/app/+admin/system/logs/logs.component.html

@@ -6,6 +6,7 @@
   </div>
 
   <ng-select
+    *ngIf="!isAuditLog() || isAuditLogsEnabled"
     [(ngModel)]="startDate"
     (ngModelChange)="refresh()"
     [clearable]="false"
@@ -30,14 +31,16 @@
 
   <my-select-tags *ngIf="!isAuditLog()" i18n-placeholder placeholder="Filter logs by tags" [(ngModel)]="tagsOneOf" (ngModelChange)="refresh()"></my-select-tags>
 
-  <my-button i18n-label label="Refresh" icon="refresh" (click)="refresh()"></my-button>
+  <my-button *ngIf="!isAuditLog() || isAuditLogsEnabled" i18n-label label="Refresh" icon="refresh" (click)="refresh()"></my-button>
 </div>
 
 <div class="logs">
   <div *ngIf="loading" i18n>Loading...</div>
 
   <div #logsElement>
-    <div *ngIf="!loading && logs.length === 0" i18n>No log.</div>
+    <div *ngIf="isAuditLog && !isAuditLogsEnabled" i18n>Audit logs disabled.</div>
+
+    <div *ngIf="!loading && logs.length === 0 && isAuditLogsEnabled" i18n>No log.</div>
 
     <div *ngFor="let log of logs" class="log-row" [ngClass]="{ error: log.level === 'error', warn: log.level === 'warn' }">
       <span class="log-level">{{ log.level }}</span>

client/src/app/+admin/system/logs/logs.component.ts

@@ -1,6 +1,6 @@
 import { Component, ElementRef, OnInit, ViewChild } from '@angular/core'
-import { LocalStorageService, Notifier } from '@app/core'
-import { ServerLogLevel } from '@peertube/peertube-models'
+import { LocalStorageService, Notifier, ServerService } from '@app/core'
+import { HTMLServerConfig, ServerLogLevel } from '@peertube/peertube-models'
 import { LogRow } from './log-row.model'
 import { LogsService } from './logs.service'
 
@@ -25,13 +25,20 @@ export class LogsComponent implements OnInit {
   logType: 'audit' | 'standard'
   tagsOneOf: string[] = []
 
+  serverConfig: HTMLServerConfig
+  isAuditLogsEnabled: boolean
+
   constructor (
     private logsService: LogsService,
     private notifier: Notifier,
-    private localStorage: LocalStorageService
+    private localStorage: LocalStorageService,
+    private serverService: ServerService
   ) { }
 
   ngOnInit (): void {
+    this.serverConfig = this.serverService.getHTMLConfig()
+    this.isAuditLogsEnabled = this.serverConfig.instance.logs.auditLogs.enabled
+
     this.buildTimeChoices()
     this.buildLevelChoices()
     this.buildLogTypeChoices()
@@ -55,7 +62,10 @@ export class LogsComponent implements OnInit {
     const tagsOneOf = this.tagsOneOf.length !== 0
       ? this.tagsOneOf
       : undefined
-
+    if (!this.isAuditLogsEnabled) {
+      this.loading = false
+      return
+    }
     this.logsService.getLogs({
       isAuditLog: this.isAuditLog(),
       level: this.level,

config/default.yaml

@@ -763,6 +763,9 @@ instance:
   securitytxt: |
     Contact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md
     Expires: 2025-12-31T11:00:00.000Z'
+  logs:
+    audit_logs: 
+      enabled: true
 
 services:
   # Cards configuration to format video in Twitter

packages/models/src/server/custom-config.model.ts

@@ -39,6 +39,12 @@ export interface CustomConfig {
       javascript?: string
       css?: string
     }
+
+    logs: {
+      auditLogs: {
+        enabled: boolean
+      }
+    }
   }
 
   theme: {

packages/models/src/server/server-config.model.ts

@@ -90,6 +90,11 @@ export interface ServerConfig {
       javascript: string
       css: string
     }
+    logs: {
+      auditLogs: {
+        enabled: boolean
+      }
+    }
   }
 
   search: {

packages/server-commands/src/server/config-command.ts

@@ -371,6 +371,12 @@ export class ConfigCommand extends AbstractCommand {
         customizations: {
           javascript: 'alert("coucou")',
           css: 'body { background-color: red; }'
+        },
+
+        logs: {
+          auditLogs: {
+            enabled: true
+          }
         }
       },
       theme: {

packages/tests/src/api/check-params/config.ts

@@ -42,6 +42,11 @@ describe('Test config API validators', function () {
       customizations: {
         javascript: 'alert("coucou")',
         css: 'body { background-color: red; }'
+      },
+      logs: {
+        auditLogs: {
+          enabled: true
+        }
       }
     },
     theme: {

packages/tests/src/api/server/config.ts

@@ -264,6 +264,11 @@ const newCustomConfig: CustomConfig = {
     customizations: {
       javascript: 'alert("coucou")',
       css: 'body { background-color: red; }'
+    },
+    logs: {
+      auditLogs: {
+        enabled: true
+      }
     }
   },
   theme: {

packages/tests/src/api/server/logs.ts

@@ -193,6 +193,41 @@ describe('Test logs', function () {
       expect(logsString.includes('video 10')).to.be.true
       expect(logsString.includes('video 11')).to.be.false
     })
+
+    it('Should refuse to create logs if disabled', async function () {
+      this.timeout(100000)
+
+      await server.config.updateCustomSubConfig({
+        newConfig: {
+          instance: {
+            logs: {
+              auditLogs:{
+                enabled: false
+              }
+            }
+          }
+        }
+      })
+
+      await server.videos.upload({ attributes: { name: 'video 12' } })
+      await waitJobs([ server ])
+
+      const now1 = new Date()
+
+      await server.videos.upload({ attributes: { name: 'video 13' } })
+      await waitJobs([ server ])
+
+      const now2 = new Date()
+
+      await server.videos.upload({ attributes: { name: 'video 14' } })
+      await waitJobs([ server ])
+
+      await logsCommand.getAuditLogs({
+        startDate: now1,
+        endDate: now2,
+        expectedStatus: HttpStatusCode.FORBIDDEN_403
+      })
+    })
   })
 
   describe('When creating log from the client', function () {

server/core/controllers/api/config.ts

@@ -158,6 +158,12 @@ function customConfig (): CustomConfig {
       customizations: {
         css: CONFIG.INSTANCE.CUSTOMIZATIONS.CSS,
         javascript: CONFIG.INSTANCE.CUSTOMIZATIONS.JAVASCRIPT
+      },
+
+      logs: {
+        auditLogs: {
+          enabled: CONFIG.INSTANCE.LOGS.AUDIT_LOGS.ENABLED
+        }
       }
     },
     theme: {

server/core/helpers/audit-logger.ts

@@ -242,6 +242,7 @@ const customConfigKeysToKeep = new Set([
   'instance-defaultNSFWPolicy',
   'instance-customizations-javascript',
   'instance-customizations-css',
+  'instance-logs-auditLogs-enabled',
   'services-twitter-username',
   'services-twitter-whitelisted',
   'cache-previews-size',

server/core/initializers/checker-before-init.ts

@@ -48,7 +48,7 @@ function checkMissedConfig () {
     'client.videos.miniature.prefer_author_display_name', 'client.menu.login.redirect_on_single_external_auth',
     'defaults.publish.download_enabled', 'defaults.publish.comments_enabled', 'defaults.publish.privacy', 'defaults.publish.licence',
     'instance.name', 'instance.short_description', 'instance.description', 'instance.terms', 'instance.default_client_route',
-    'instance.is_nsfw', 'instance.default_nsfw_policy', 'instance.robots', 'instance.securitytxt',
+    'instance.is_nsfw', 'instance.default_nsfw_policy', 'instance.robots', 'instance.securitytxt', 'instance.logs.audit_logs.enabled',
     'services.twitter.username', 'services.twitter.whitelisted',
     'followers.instance.enabled', 'followers.instance.manual_approval',
     'tracker.enabled', 'tracker.private', 'tracker.reject_too_many_announces',

server/core/initializers/config.ts

@@ -546,7 +546,12 @@ const CONFIG = {
       get CSS () { return config.get<string>('instance.customizations.css') }
     },
     get ROBOTS () { return config.get<string>('instance.robots') },
-    get SECURITYTXT () { return config.get<string>('instance.securitytxt') }
+    get SECURITYTXT () { return config.get<string>('instance.securitytxt') },
+    LOGS: {
+      AUDIT_LOGS:{
+        get ENABLED () { return config.get<boolean>('instance.logs.audit_logs.enabled') }
+      }
+    }
   },
   SERVICES: {
     TWITTER: {

server/core/lib/server-config-manager.ts

@@ -100,6 +100,11 @@ class ServerConfigManager {
         customizations: {
           javascript: CONFIG.INSTANCE.CUSTOMIZATIONS.JAVASCRIPT,
           css: CONFIG.INSTANCE.CUSTOMIZATIONS.CSS
+        },
+        logs: {
+          auditLogs: {
+            enabled: CONFIG.INSTANCE.LOGS.AUDIT_LOGS.ENABLED
+          }
         }
       },
       search: {

server/core/middlewares/validators/config.ts

@@ -17,6 +17,7 @@ const customConfigUpdateValidator = [
   body('instance.defaultClientRoute').exists(),
   body('instance.customizations.css').exists(),
   body('instance.customizations.javascript').exists(),
+  body('instance.logs.auditLogs.enabled').exists(),
 
   body('services.twitter.username').exists(),
   body('services.twitter.whitelisted').isBoolean(),

server/core/middlewares/validators/logs.ts

@@ -80,6 +80,8 @@ const getAuditLogsValidator = [
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return
 
+    if (!CONFIG.INSTANCE.LOGS.AUDIT_LOGS.ENABLED) return res.sendStatus(HttpStatusCode.FORBIDDEN_403)
+
     return next()
   }
 ]

support/doc/api/openapi.yaml

@@ -7935,6 +7935,14 @@ components:
                   type: string
                 css:
                   type: string
+            logs:
+              type: object
+              properties:
+                auditLogs:
+                  type: object
+                  properties:
+                    enabled:
+                      type: boolean
         search:
           type: object
           properties:
@@ -8252,6 +8260,14 @@ components:
                   type: string
                 css:
                   type: string
+            logs:
+              type: object
+              properties:
+                auditLogs:
+                  type: object
+                  properties:
+                    enabled:
+                      type: boolean
         theme:
           type: object
           properties: